Example Nortel Network


This article describes a possible network deployment scenario. Figure 1 shows the network layout with a Nortel Mesh. For this network, the following IP addressing scheme is used:




Internet IP      192.168.200.2/24
DNS              192.168.200.1
Default Route    192.168.200.1

Table 1: Internet Connection Information






WiDirect/Wireless Gateway             10.4.1.0/24
Access Point Extranet                 10.1.1.0/24
NAP Router/Wireless Gateway “Stub”    10.2.1.0/24
Access Point Intranet                 10.3.1.0/24
Mobile Nodes                          10.8.1.0/24

Table 2: Subnets Used










WiDirect ETH1                             10.4.1.1/24
NAP-R                                     10.1.1.1
NAP1                                      10.3.1.50
SAP1                                      10.3.1.49
SAP2                                      10.3.1.48
Wireless Gateway Private Management/HA    10.4.1.2
Wireless Gateway Private LAN              10.4.1.3
Wireless Gateway Public                   10.2.1.2
NAP Router                                10.2.1.1

Table 3: Specific IP addresses

Figure 1: Sample Network Diagram

WARNING: While this demonstration network aims to provide a fully working configuration, the complete Nortel configuration (such as the Wireless Gateway configuration) is beyond the scope of this document. Please consult the Nortel documentation for more information.


The serial numbers for the Nortel Access Points are listed in Table 4.




Access Point    Serial Number    IP Address
NAP1            NNTMCN000JJB     10.3.1.50
SAP1            NNTMCN000UIR     10.3.1.49
SAP2            NNTMCN000UIF     10.3.1.48

Table 4: Access Point Information

Basic Setup and Configuration



For the most part, the network diagram pictured in Figure 1 shows the standard Nortel addressing scheme, which was derived from the Nortel documentation. This addressing scheme is only a suggestion, and any IP addressing scheme is valid with the WiDirect. However, different subnet schemes would require more configuration changes than what is described in this example.

Before configuring, the first step is to log in to the admin page of the WiDirect. See Section 1 of the manual for information on how to access the administration login page. (By default it is http://10.4.1.1/portal/admin, but this can change if the IP addresses have been modified.)

WiDirect Network Configurations

The first step in configuring the sample network is to configure the Internet information on the WiDirect. It is recommended that the IP address of ETH0 be changed from using DHCP to a static IP address.

NOTE: If you change the IP address of the interface that you are connected to, the connection will drop. You'll need to reconfigure the local IP address of the connecting machine in order to reconnect to the WiDirect. When changing the IP address of the ETH1 interface, the WiDirect should be restarted.

In this example, the ETH1 interface is going to remain the same as the default, which is 10.4.1.1/24. However, ETH0 is going to change to a static IP address with a default gateway, as shown in Table 3-1. Figure 3-2 shows the new settings:

Figure 2: Setting up the network

Adding Access Points



In this example, there are three access points. Table 3 lists the information that is required for the example network. Figure 3 shows the page for adding the NAP1 interface. The procedure is repeated for the next two access points.

Figure 3: Adding Access Point

Here is the way the access point page should look after all three access points have been added:

Figure 4: All Access Points Added

Verifying DHCPD configuration

Since this example is using the standard Nortel IP scheme, the default dhcpd.conf that is shipped with the WiDirect will work without a problem. For this example, the most important pieces are the Intranet 10.1.2.0, Extranet 10.1.1.0 and the mobile nodes of 10.8.1.0. The dhcpd.conf entries for these subnets should look like this:


# AP Extranet Subnet 10.1.1.0/24
subnet 10.1.1.0 netmask 255.255.255.0 {
    option acumen.ospfareaid 10.0.0.0;
    option acumen.pgaddr 10.2.1.2;
    # Rest of stand alone APs, dynamic assignment
    range 10.1.1.100 10.1.1.150;
    option routers 10.1.1.1;
    option subnet-mask 255.255.255.0;
    filename "ap.ftp";
    server-name "10.4.1.1";
}
#
subnet 10.1.2.0 netmask 255.255.255.0 {
    option acumen.ospfareaid 10.0.0.1;
    option acumen.pgaddr 10.2.1.2;
    # Static 'host' AP entries
    # Rest of stand alone APs, dynamic assignment
    range 10.1.2.100 10.1.2.150;
    option routers 10.1.2.1;
    option subnet-mask 255.255.255.0;
    filename "ap.ftp";
    server-name "10.4.1.1";
}
#
subnet 10.1.3.0 netmask 255.255.255.0 {
    option acumen.ospfareaid 10.0.0.2;
    option acumen.pgaddr 10.2.1.2;
    # Rest of stand alone APs, dynamic assignment
    range 10.1.3.64 10.1.3.254;
    option routers 10.1.3.1;
    option subnet-mask 255.255.255.0;
    filename "ap.ftp";
    server-name "10.4.1.1";
}

# Mobile Users Subnet 10.8.1.0/24
subnet 10.8.1.0 netmask 255.255.255.0 {
    range 10.8.1.2 10.8.1.254;
    option routers 10.8.1.1;
    option domain-name-servers 10.4.1.1;
    option ntp-servers 10.4.1.1;
    option mobile-ip-home-agent 10.4.1.2;
    option subnet-mask 255.255.255.0;
}
# Secure Mobile Users Subnet 10.9.1.0/24
subnet 10.9.1.0 netmask 255.255.255.0 {
    range 10.9.1.2 10.9.1.254;
    option routers 10.9.1.1;
    option domain-name-servers 10.4.1.1;
    option ntp-servers 10.4.1.1;
    option mobile-ip-home-agent 10.4.1.2;
    option subnet-mask 255.255.255.0;
}

Although discussed here, the actual settings required for Nortel support are beyond the scope of this article. If the IP addressing is different from the standard settings supplied by the WiDirect, consult the Nortel documentation on what values to change in the dhcpd.conf file.

Configure Radius


For this example, we are going to be using a single SSID, which is discussed again in the ap.ftp file section. The only thing required from the Radius side is to enter the Access Point definitions. In the admin GUI, click on Services->Radius and then click on Generate Keys, which will display all the entries for the users.conf file based on the Access Points that are already defined. Figure 3-5 shows how this list is displayed.

Figure 5: Generating the Keys for the Radius file

To activate these new entries, they need to be cut and pasted into the users.conf file on the Radius Configuration page. Figure 3-6 shows the completed users.conf file. (Notice the SSID definition of AnnapolisWireless.)


Figure 6: Completed users.conf Radius file

The only three lines that were added were the Access Point definitions. The section labeled User Section contains the information about the SSID and the tunnels that the Wireless Gateway will configure. This part is beyond the scope of this documentation. If changes are required to this section, the Nortel documentation should be consulted on what values to change.

After the users.conf file has been updated, click the Save Config & Apply button to activate the Radius changes.

Verifying the ap.ftp file

The WiDirect ships with a working ap.ftp file, as long as the standard Nortel addressing scheme is being used. The settings in this file are beyond the scope of this document, and the Nortel documentation should be consulted for any questions about the syntax of this file.

For this demonstration network, the following is the valid ap.ftp file.

# Ignore packets coming from the following subnets
[AccessLink]
SubnetAddrAndMask=10.1.1.0,255.255.255.0
SubnetAddrAndMask=10.2.1.0,255.255.255.0
#mode=
#
# Use these DHCP Server(s)
[DHCP]
WarpPrimaryDHCP=10.4.1.1
MnPrimaryDHCP=10.4.1.1
#
# Primary and Secondary Radius Server(s)
[RADIUS]
PrimaryAuthenticationServer=10.4.1.1:1812
PrimaryAccountingServer=10.4.1.1:1813
#SecondaryAuthenticationServer=10.4.1.1:1812
#SecondaryAccountingServer=10.4.1.1:1813
#
# WG7250 Public and Management IPs
[PgHa]
PgAddrAndHaAddr=10.2.1.2,10.4.1.2
#
# Radius attribute mapping to Subnet Selection Option
[SubscriberGroup]
MnSubnetAndTunnelId=10.8.1.0,nortel
#MnSubnetAndTunnelId=10.9.1.0,secure
Status=1
#
# Mobile Specific
[Mobiles]
#MnMacAddrAndIp=, , ,
#
# ENMS / Optivity Server IP (SNMP)
[NMS]
NmsIpAddr=10.4.1.1
#
# SNTP server
[SNTP]
SntpServer=10.4.1.1
#
# Syslog Server
[SysLog]
SyslogServer=10.4.1.1
#
# Internal Log Options
[EventLog]
OverWriteAlways=1
AutoFTPLog=1
#
# Inter-WG Roaming enable/disable
[InterwirelessGateway]
InterwirelessGateway=0
#
[ssid]
ssid=AnnapolisWireless
wpa_psk=0
wpa_eap=0
non_rsna=1
broadcastSsid=1
authType=0
maxNumAssoc=40
AccessLinkIp=10.8.1.1,255.255.255.0
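
Because several addresses appear in both dhcpd.conf and ap.ftp, a change to the addressing scheme has to be made in both files. The following added example (not part of the WiDirect or Nortel software) cross-checks the two files; the meaning and ordering of the ap.ftp fields are assumptions inferred from the field names, the file's comments and Table 3, and the embedded samples are constructed excerpts using this page's values.

```python
import re

# Constructed excerpts of the two files on this page (values copied from it).
DHCPD = """
subnet 10.1.1.0 netmask 255.255.255.0 { option acumen.pgaddr 10.2.1.2; option routers 10.1.1.1; }
subnet 10.8.1.0 netmask 255.255.255.0 { option routers 10.8.1.1; option mobile-ip-home-agent 10.4.1.2; }
"""
AP_FTP = """
[PgHa]
PgAddrAndHaAddr=10.2.1.2,10.4.1.2
[SubscriberGroup]
MnSubnetAndTunnelId=10.8.1.0,nortel
#MnSubnetAndTunnelId=10.9.1.0,secure
[ssid]
AccessLinkIp=10.8.1.1,255.255.255.0
"""

def parse_dhcpd(text):
    """Map subnet address -> {option: value}. Nested host/pool blocks are not handled."""
    text = re.sub(r"#.*", "", text)  # drop comments so disabled options are ignored
    blocks = re.findall(r"subnet\s+(\S+)\s+netmask\s+\S+\s*\{(.*?)\}", text, re.S)
    return {net: dict(re.findall(r"option\s+(\S+)\s+([^;]+);", body)) for net, body in blocks}

def parse_ap_ftp(text):
    """Map key -> [values] for uncommented key=value lines (keys may repeat)."""
    keys = {}
    for k, v in re.findall(r"^[ \t]*([A-Za-z_]\w*)=(.*)$", text, re.M):
        keys.setdefault(k, []).append(v.strip())
    return keys

def cross_check(dhcpd_text, ap_text):
    """Return mismatches between dhcpd.conf and ap.ftp (field meanings are assumed)."""
    nets, ap, problems = parse_dhcpd(dhcpd_text), parse_ap_ftp(ap_text), []
    pg, ha = ap["PgAddrAndHaAddr"][0].split(",")  # assumed order: public IP, HA IP
    for net, opts in nets.items():
        for opt, want in (("acumen.pgaddr", pg), ("mobile-ip-home-agent", ha)):
            if opts.get(opt, want) != want:
                problems.append(f"{net}: {opt} {opts[opt]} != ap.ftp {want}")
    for entry in ap.get("MnSubnetAndTunnelId", []):
        if entry.split(",")[0] not in nets:
            problems.append(f"{entry.split(',')[0]}: no dhcpd.conf subnet block")
    for entry in ap.get("AccessLinkIp", []):
        ip = entry.split(",")[0]
        if not any(o.get("routers") == ip for o in nets.values()):
            problems.append(f"{ip}: AccessLinkIp is not an 'option routers' value")
    return problems

if __name__ == "__main__":
    print(cross_check(DHCPD, AP_FTP) or "dhcpd.conf and ap.ftp agree")
```

An empty result means the gateway, home agent, mobile subnet and access link addresses agree between the two files.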

Add SSID



Although the SSID was technically defined for the Mesh in the ap.ftp file and the Radius users.conf file, the WiDirect still needs to know about the SSID for branding and reporting purposes. Since this network will use the default branding, the SSID only needs to be created. By clicking on System Configuration->SSIDs, the SSID can be added as in Figure 7.

Figure 7: SSID Creation

Create Access Plan


For this sample network, only one plan will be created, called 30 day free access, with 1meg download and 500kbps upload bandwidth restrictions. Figure 3-7 shows the setup for the plan.

Figure 8: Create Access Plan

Create Administrators


New boxes should have the default administrator password changed and new admin users should be created. See Section 1.6.11 of the WiDirect user manual.

Setting SSID Preferences


Each SSID can have its own configuration values. If a different setting is required for an SSID, such as a different redirect page, it can be set in the preferences section. See Section 1.4.1 of the WiDirect user manual.

Branding the User Pages


Setting the branding allows administrators to customize the user-facing pages, such as the login page. If the installation calls for specific graphics and HTML for these pages, see Section 1.4.4 of the user manual.

Setting Walled Garden Sites


The walled garden allows access to various sites without logging in to the WiDirect. These sites vary depending on the policies of the local network. To configure the walled garden, see Section 1.4.2 of the user manual.

Configuring the Message of the Day


The message of the day allows a message to be displayed on the login page, which is something that needs to be tailored for each installation. This page can be left blank if no message is desired. See section 1.4.3 of the user manual on how to configure it.

System Check


At this point, all the basic system elements have been configured for this network. Before attempting to log in to the network, click on the System Check menu to verify that all the services are enabled and PASS the system check.
Also, use this page to verify that the IP address is set properly on the ETH0 interface.

Figure 9: Running the System Check

Acceptance Testing of Sample Network


For this network, there are only two features that really need to be tested. The first is the AP Status page, which verifies that the APs are up and monitored. The second test is to actually associate to an Access Point wirelessly and test the Internet connection.

Run AP status to see if the Access Points are up

Click on the System Status->AP Status link and verify that all the Access Points are UP.


Access the Internet Wirelessly



Using a laptop, physically move to the nearest access point and try to connect to the AnnapolisWireless SSID. If everything has been configured properly, after associating to the access point, the WiDirect will provide the laptop with a DHCP address in the 10.8.1.0/24 subnet.

After an IP address has been provided, open a browser and connect to the Internet. If everything is running properly, the Captive Portal Login page will be displayed. Register for an account and log in to the network.

At this point, the bare network configuration has been completed. For more system checks, see the Administration and Maintenance section later in this document.